Chaos and alphabet soup: The verdict on the UK's cyber security defences

An 'inconsistent, dysfunctional and chaotic' approach to cybersecurity is giving the Public Accounts Committee concerns about national security.
Written by Danny Palmer, Senior Writer

The government is struggling to protect the UK from cyberattacks, say MPs.

Image: iStock

An inconsistent, dysfunctional and chaotic response to cybersecurity by the British government is causing concerns about its ability to protect the country from cyberattacks and hackers, MPs have warned.

The damning indictment is set out in a by the Public Accounts Committee (PAC) report into protecting information across government, which comes as defence secretary Michael Fallon has warned about a persistent pattern of cyber attacks by Russia against Western nations.

Citing data security breaches at the likes of Tesco Bank and Northern Lincolnshire and Goole NHS Trust as examples of the growing threat to the UK posed by cyberattacks, the committee has urged the government to establish a clear approach to protecting the nation from hackers and cyber-espionage.

One of the key problems surrounds what's deemed a generally slow response by the government, which has been warned about cyberattacks being one of the UK's top four risks to national security since 2010.

In that time, the government has set up various initiatives and bodies but has struggled to coordinate the 'alphabet soup' of the 40 agencies and governmental departments involved in protecting Britain's cyberspace.

While the government recently established the National Cyber Security Centre (NCSC) in an effort to improve coordination of cybersecurity strategy, MPs warn that leadership from the centre is so far "inadequate" and that the practical aspects of its role must be "clarified quickly".

"Government has a vital role to play in cyber security across society but it needs to raise its game.

"Its approach to handling personal data breaches has been chaotic and does not inspire confidence in its ability to take swift, coordinated and effective action in the face of higher-threat attacks," says Meg Hillier MP, Chair of the PAC.

The committee also warns that a cybersecurity skills shortage is compromising the UK's ability to defend itself against cyberattacks, with even the Cabinet Office itself unable to determine what exact skills are expected of cybersecurity professionals inside Whitehall.

That, the report says is dangerous because use of the internet for cybercrime is evolving so quickly and the government is already falling behind when it comes to matching the pace of hackers.

"It should concern us all that the government is struggling to ensure its security profession has the skills it needs," says Hillier.

In order to get a hold of the situation, the PACublic urged the Cabinet Office to develop a detailed plan for the NCSC by April, setting out who it will support, what assistance it will provide and how it will communicate with organisations needing its assistance.

The Public Accounts Committee isn't the only group of MPs assessing the UK's vulnerability to cyberattacks; the Parliamentary Joint Committee on the National Security Strategy is also carrying out an investigation into the country's cybersecurity defences as part of a review of security strategy.


Editorial standards